vaultsovereign/vm-skills
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
vm-skills/disaster-recovery/SKILL.md
Vault Sovereign eac77ef7b4 Initial commit: VaultMesh Skills collection 
Collection of operational skills for VaultMesh infrastructure including:
- backup-sovereign: Backup and recovery operations
- btc-anchor: Bitcoin anchoring
- cloudflare-tunnel-manager: Cloudflare tunnel management
- container-registry: Container registry operations
- disaster-recovery: Disaster recovery procedures
- dns-sovereign: DNS management
- eth-anchor: Ethereum anchoring
- gitea-bootstrap: Gitea setup and configuration
- hetzner-bootstrap: Hetzner server provisioning
- merkle-forest: Merkle tree operations
- node-hardening: Node security hardening
- operator-bootstrap: Operator initialization
- proof-verifier: Cryptographic proof verification
- rfc3161-anchor: RFC3161 timestamping
- secrets-vault: Secrets management

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-27 00:25:00 +00:00

85 lines
2.4 KiB
Markdown
Raw Permalink Blame History

---
name: disaster-recovery
description: >
Restore runbook as executable checks. Validates recent backups, performs
safe, staged restore tests, and generates an audit report. Designed for
sovereign EU infrastructure. Triggers: 'disaster recovery', 'restore runbook',
'test restore', 'recovery drill', 'verify backups'.
version: 1.0.0
---
# Disaster Recovery
Tier 1 skill: convert restoration into **repeatable drills**.
This skill assumes **backup-sovereign** produces run directories like:
`backup-sovereign/outputs/runs/<node>_<label>_<timestamp>/`
Each run should include:
- `archive.tar.gz.age`
- `manifest.json`
- `ROOT.txt`
- `PROOF.json`
## Quick Start
```bash
export BACKUP_SKILL_DIR="$HOME/.claude/skills/backup-sovereign"
export RUN_DIR="" # optional; auto-uses backup-sovereign pointer
export DR_TARGET_BASE="$HOME/recovery-drills"
export AGE_IDENTITY_FILE="$HOME/.config/age/keys.txt"
export DRY_RUN=1
export REQUIRE_CONFIRM=1
export CONFIRM_PHRASE="I UNDERSTAND THIS CAN OVERWRITE RECOVERY TARGETS"
./scripts/00_preflight.sh
./scripts/10_validate_run.sh
./scripts/20_restore_plan.sh
export DRY_RUN=0
./scripts/21_restore_apply.sh
./scripts/30_verify_restored.sh
./scripts/90_verify.sh
./scripts/99_report.sh
```
## Inputs
| Parameter | Required | Default | Description |
|---|---:|---|---|
| BACKUP_SKILL_DIR | Yes | (none) | Path to backup-sovereign skill |
| RUN_DIR | No | (auto) | Backup run directory to restore |
| DR_TARGET_BASE | No | ~/recovery-drills | Base directory for recovery drills |
| AGE_IDENTITY_FILE | Yes | (none) | age private key file |
| DRY_RUN | No | 1 | Apply scripts refuse unless DRY_RUN=0 |
| REQUIRE_CONFIRM | No | 1 | Require confirmation phrase |
| CONFIRM_PHRASE | No | I UNDERSTAND THIS CAN OVERWRITE RECOVERY TARGETS | Safety phrase |
## Outputs
- `outputs/status_matrix.json`
- `outputs/audit_report.md`
- `outputs/last_drill_target.txt`
## Safety Guarantees
1. **Default DRY_RUN=1**
2. **Confirmation phrase required**
3. **Staged restore only** (never writes to system paths)
4. **Pre-restore validation** (artifacts exist, ROOT recomputation)
5. **Post-restore verification** (file counts + spot-check)
## EU Compliance
| Aspect | Value |
|---|---|
| Data Residency | EU (Ireland - Dublin) |
| Jurisdiction | Irish Law |
| Encryption | age |
## References
- [Recovery Playbook](references/recovery_playbook.md)
Reference in New Issue View Git Blame Copy Permalink